As I understand, Sguil is supposed to create the remaining database tables (event, icmphdr, etc.) upon receiving the first event, and it did.
However, when it created the tables, it appended the sensor name to the table names. For example, the sensor name is sensor-test, and the created tables now have the following naming convention: table_sensor-test_timestamp, for example: event_sensor-test_141359.
Now any SQL statement executed fails with "SQL syntax error". I tried renaming the table but that also fails. Did I miss something in the configurations on the sensor?